I have a question about the "IP_MASQ_S_FIN_TIMEOUT"
values in "net/ipv4/ip_masq.c" for the 2.2.x
kernel. What purpose is served by having the
terminated masqueraded TCP connection entries
remain in memory for the default timeout of 2
minutes? Why isn't the entry freed immediately?
Perhaps what I'm really asking is why there
is an mFW state at all. The only thing I can
think of is if the other end of the TCP connection
spontaneously issues a half close before the
initiator sends his half close. Then it might
be desirable to wait a while for the initiator
to send his half close prior to disposing of
the connection totally. What would be the
consequences of using "ipchains -M -S" to set this
value to, say, 1 second?
[IP_MASQ_S_FIN_WAIT] = 2*60*HZ,   /* FIN_WAIT entry timeout: 2 minutes, in jiffies */
/* OUTPUT */
/* Next state for a packet sent by the masqueraded host, indexed by the
   TCP flag seen (row) and the entry's current state (column). */
/* mNO, mES, mSS, mSR, mFW, mTW, mCL, mCW, mLA, mLI */
/*syn*/ {{mSS, mES, mSS, mSR, mSS, mSS, mSS, mSS, mSS, mLI }},
/*fin*/ {{mTW, mFW, mSS, mTW, mFW, mTW, mCL, mTW, mLA, mLI }},
/*ack*/ {{mES, mES, mSS, mES, mFW, mTW, mCL, mCW, mLA, mES }},
/*rst*/ {{mCL, mCL, mSS, mCL, mCL, mTW, mCL, mCL, mCL, mCL }},
};
/mFW
|
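As an added illustration (not code from ip_masq.c or from the poster), the following Python model drives the OUTPUT table quoted above with per-entry timeouts, so the effect of a short FIN_WAIT timeout on a late final ACK can be seen directly. The flag precedence, the 15-minute timeout for states other than mFW, and the allocation of a fresh masq port for every new entry are assumptions made for the simulation.

```python
# Simulation of the masquerade TCP OUTPUT state table quoted above, with
# per-state entry timeouts. Assumptions (not taken from ip_masq.c): flag
# precedence rst > syn > fin > ack, a 15-minute timeout for every state
# other than mFW, and a fresh masq port for each newly created entry.

STATES = ["mNO", "mES", "mSS", "mSR", "mFW", "mTW", "mCL", "mCW", "mLA", "mLI"]
OUTPUT = {  # next state indexed by [observed flag][current state]
    "syn": ["mSS", "mES", "mSS", "mSR", "mSS", "mSS", "mSS", "mSS", "mSS", "mLI"],
    "fin": ["mTW", "mFW", "mSS", "mTW", "mFW", "mTW", "mCL", "mTW", "mLA", "mLI"],
    "ack": ["mES", "mES", "mSS", "mES", "mFW", "mTW", "mCL", "mCW", "mLA", "mES"],
    "rst": ["mCL", "mCL", "mSS", "mCL", "mCL", "mTW", "mCL", "mCL", "mCL", "mCL"],
}

class MasqTable:
    def __init__(self, fin_wait_timeout=2 * 60):
        self.timeouts = {"mFW": fin_wait_timeout}   # seconds; page value is 2*60*HZ
        self.default_timeout = 15 * 60               # assumed for all other states
        self.entries = {}                            # (src ip, src port, dst ip, dst port) -> entry
        self.next_port = 61000                       # assumed masq port allocation

    def expire(self, now):
        """Drop every entry whose timeout has run out."""
        for key in [k for k, e in self.entries.items() if e["expires"] <= now]:
            del self.entries[key]

    def outbound(self, key, flags, now):
        """Process one outbound packet; returns (new state, masq port used)."""
        self.expire(now)
        entry = self.entries.get(key)
        if entry is None:                            # no mapping left: allocate a new one
            entry = {"state": "mNO", "port": self.next_port}
            self.next_port += 1
            self.entries[key] = entry
        flag = next(f for f in ("rst", "syn", "fin", "ack") if f in flags)
        entry["state"] = OUTPUT[flag][STATES.index(entry["state"])]
        entry["expires"] = now + self.timeouts.get(entry["state"], self.default_timeout)
        return entry["state"], entry["port"]

def half_close_scenario(fin_wait_timeout, delay):
    """Host behind the masq box sends FIN, then its final ACK `delay` seconds later.
    Returns (state after FIN, state after ACK, whether both used the same masq port)."""
    table = MasqTable(fin_wait_timeout)
    key = ("192.168.1.10", 40000, "10.0.0.1", 80)    # constructed sample connection
    table.outbound(key, {"ack"}, 0)                  # mid-stream pickup: mNO -> mES
    state_fin, port_fin = table.outbound(key, {"fin", "ack"}, 1)   # mES -> mFW
    state_ack, port_ack = table.outbound(key, {"ack"}, 1 + delay)
    return state_fin, state_ack, port_fin == port_ack
```

With the default 120 s the late ACK still matches the mFW entry; with a 1 s timeout the entry is already gone and the ACK creates a brand-new mES entry under a different masq port.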